sb-eu logo
Story image

Is mobile shopping compromising your enterprise security?

06 Dec 2018

Article by Morphisec VP Tom Bain

Just as online shopping took over for in-store shopping during the last decade, shopping on mobile devices is poised to overtake shopping on non-mobile devices in the years to come.

Early data on online shopping this holiday season illustrates the trend.

According to Salesforce, a record number of orders were placed on smartphones on Thanksgiving (54%), and mobile devices created 68% of all retail site traffic, and between Black Friday and Cyber Monday, mobile shopping sales exceeded $4 billion.

With mobile shopping becoming the preferred method for consumers to work through their holiday gift lists, it’s no surprise that people are turning to their work-issued mobile devices as well to help place their orders.

The Morphisec: Holiday Impact on Enterprise Security Survey recently found that nearly half of employees will use a work-issued computer or mobile device for online shopping this holiday season.

This can be hazardous to the cybersecurity of their employers.

When employees choose to use work-issued devices and corporate network resources (WiFi) to do their holiday shopping online, security teams have a challenge with the surge in browsing and online transactions.

This time of year features a substantially higher bandwidth and resource consumption rate, both inside organisations and outside, as professionals surf and shop online.

The reliance on mobile devices for shopping even poses a risk to enterprise security when employees stick with using their own iPhones.

More than 47% of employees will use their personal devices for work-related activities as they travel during the holiday season.

That means that any professional that visited a malicious site on their own mobile device may be inadvertently opening up their employer’s network to their compromised endpoint.

To help both employers and their employees keep their mobile devices protected, here are some tips to ensure mobile shopping doesn’t affect enterprise security.

Beware of adware -- it isn’t only a shopping annoyance

Professionals shouldn’t be lulled into a false sense of security when they stumble across Adware via unfamiliar mobile sites they are trying to shop on as they court the lowest prices.

Potentially Unwanted Programs (PUPs) continue to be the largest group of threats prevented by Morphisec, representing 40% of all attacks.

Don’t update mobile applications in a festive rush

It’s easy for us all to go through the motions of installing and updating applications on our phones, but how often do we read the app permissions? If you need to install an app, check what it is gaining access to.

This can help you try and identify if the application will invade your privacy or if it's malicious.

Lookout reports that man-in-the-middle attacks affected about 0.8% of enterprise devices. Luckily, Android’s Google Play app store automatically comes with Google Play Protect, which guards users against potentially harmful apps (PHAs) with daily scans.

According to the Android Security 2017 Year in Review report, the annual average of a user-downloaded PHA from Google Play was 0.02%, making it 50% lower than in 2016.

Don’t share a Wi-Fi network with unwanted holiday guests

If you don’t have an unlimited data plan, it’s almost second-nature to just connect to whatever Wi-Fi is available.

Free Wi-Fi hotspots don’t require authentication, which helps hackers gain access to all of the unsecured devices connected to it.

The next time you connect to a public Wi-Fi, use a VPN service to ward the hackers off.

Last year, there were 1,579 data breaches, which exposed nearly 179 million records.

We’re entering the fraud-filled holiday season, and it’s critical everyone does their part to help prevent a cyber attack.

In general, work-issued mobile devices should only be used for work; however, if the time comes where you need to place an order on your phone, be sure to take every precaution possible to keep you and your organisation safe.

Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More
Story image
Strong cybersecurity posture crucial for company success - Fortinet
"They should also conduct due diligence to ensure partners aren’t inadvertently creating vulnerabilities with insufficient cybersecurity measures."More
Story image
Research: 61% of companies have suffered an insider attack in last 12 months
It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.More
Story image
Sophos named mobile security Leader in IDC MarketScape
Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More